Ensure no URL references are used in the base64-encoded value of an AWS Launch Configuration

HIGH

Description

Embedding absolute URLs in the base64-encoded user data of a launch configuration is not a good security practice.

Remediation

For more information on how to set up launch configurations, see the AWS documentation.

In Terraform:

  1. In the aws_launch_configuration resource, remove any user_data_base64 data that might contain URLs.
  2. Applying this change destroys the existing launch configurations used by autoscaling groups and deploys a new configuration. For more information, see the Terraform documentation.
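
One way to find the affected resources before applying, as an added example (not part of the original policy page and not the scanner's own implementation): the Python below walks the JSON produced by `terraform show -json`, decodes each aws_launch_configuration's user_data_base64 (including gzip-compressed user data) and reports any absolute URLs. The function names, the URL regex and the sample plan are assumptions made for illustration.

```python
import base64
import binascii
import gzip
import re
import zlib

# Assumption: a "URL reference" is an absolute http, https or ftp URL.
URL_RE = re.compile(r"\b(?:https?|ftp)://[^\s'\"<>]+", re.IGNORECASE)

def decode_user_data(b64_value):
    """Decode user_data_base64 to text; None if it is not valid base64/gzip."""
    try:
        raw = base64.b64decode(b64_value, validate=True)
        if raw[:2] == b"\x1f\x8b":  # gzip magic: user data may be compressed
            raw = gzip.decompress(raw)
    except (binascii.Error, ValueError, OSError, EOFError, zlib.error):
        return None
    return raw.decode("utf-8", errors="replace")

def iter_resources(module):
    """Yield resources of a plan module and of all nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def find_url_user_data(plan):
    """Map launch configuration address -> URLs found in its decoded user data."""
    findings = {}
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") == "aws_launch_configuration":
            text = decode_user_data((res.get("values") or {}).get("user_data_base64") or "")
            urls = URL_RE.findall(text or "")
            if urls:
                findings[res["address"]] = urls
    return findings

def sample_lc(address, payload):
    """Build one constructed aws_launch_configuration plan entry (hypothetical helper)."""
    return {"address": address, "type": "aws_launch_configuration",
            "values": {"user_data_base64": base64.b64encode(payload).decode("ascii")}}

# Constructed sample in the shape of `terraform show -json` output (not real infrastructure).
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        sample_lc("aws_launch_configuration.web", b"curl -O https://example.com/setup.sh\n"),
        sample_lc("aws_launch_configuration.clean", b"#!/bin/sh\nyum -y update\n")],
    "child_modules": [{"resources": [
        sample_lc("module.m.aws_launch_configuration.gz", gzip.compress(b"wget http://example.org/a.rpm"))]}],
}}}
```

Calling `find_url_user_data` on a real plan (loaded with `json.load`) returns an empty dict when no launch configuration carries a URL in its encoded user data.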

References:
https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-asg-launch-configuration.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_configuration

Policy Details

Rule Reference ID: AC_AWS_0169
CSP: AWS
Remediation Available: Yes
Resource Category: Compute

Frameworks